Physical and Environmental Security: (Sub-Domain of Security Engineering)
Copyright © 2005 – 2020 Les Bell and Associates Pty Ltd Version 2.21
Physical Security
● Provides a safe environment for all assets & interests of the organization, including IS
● Still important:
  – If physical security is organizationally separate that can cause coordination and reporting problems
  – Insiders can bypass logical controls if they have physical access
  – Terrorism threats
    ● e.g. biochemical agents via HVAC
● Useful references:
  – “Physical Security”, US Dept of the Army publication FM3-19.30
  – Australian Government Information Security Manual and Protective Security Policy Framework
Objectives
● The CISSP candidate will be able to:
  – Describe vulnerabilities, threats and countermeasures in the physical environment
  – Identify risks to facilities, data, media, equipment, infrastructure and supplies in the physical environment
Changes in the Environment
● Then
  – Single computer in a controlled-access area
  – Unauthorized people could not do much in there anyway
  – Early controls:
    ● Combination locks, fire suppression
● Today
  – Servers in multiple areas
    ● That run an OS everyone knows and 12-year-olds hack
  – Desktop computers are
    ● critical
    ● everywhere
    ● connected
  – And we have mobile/portable devices and universal connectivity
Characterization of Systems
● Systems may be
  – Static
    ● installed in a structure at a fixed location
  – Mobile
    ● installed in vehicles or vessels
  – Portable
    ● could be anywhere
Physical Threats
● Natural/environmental
  – Earthquakes, floods, storms (wind, hail, lightning, snow, ice), tornadoes, hurricanes and cyclones, volcanic eruptions, bush/wild fires, extreme temperatures, high/low humidity, subsidence, building collapse, insect & pest infestations
● Supply systems:
  – Communications outages, power problems (blackouts, brownouts, surges, spikes), burst pipes, petrol/gas shortages
Physical Threats (cont)
● Man-made
  – Explosions, bio/chemical contamination, arson, hazchem spills, vandalism, theft, fraud & embezzlement, unauthorized intruders, accidents (spilled drinks, overloaded power outlets), disgruntled employees
● Political events:
  – Bombings, terrorist attacks, espionage, war, riots and civil disturbances, strikes
● Medical
  – Pandemics (e.g. bird flu, Zika virus, etc.)
Threat & Risk Assessment
● Is particularly important
● Superordinate principle:
  – Life safety
    ● e.g. not barring exits
Information Protection Environment
● Physical security depends heavily on a layered approach
● Perimeter
  – Building Grounds
    ● Building Entrance
      – Rooms / Office Suites
        ● Office / Data Centre
        ● Equipment
        ● Media / Supplies
Crime Prevention Through Environmental Design
● Combines site design, psychology, security hardware
● Based on three principles:
  – Territoriality
    ● Symbols of ownership: fences, signs & art, pavement treatments, good maintenance, landscaping
  – Surveillance
    ● Landscaping & lighting to improve visibility from within buildings and by passers-by. CCTV is also used
  – Access control
    ● Carefully-located entrances, exits, fencing & landscaping, to limit access on foot and by car
Site Location
● Visibility
  – Surrounding terrain, adjacent facilities/buildings, population density
● Surrounding environment
  – Proximity to emergency services, nearby hazards (petro/chemical plants, etc.), probability of riots / demonstrations
● Accessibility
  – Road access, traffic, proximity to airport & train stations
● Natural disasters
  – Probability of floods, storms, earthquakes, hurricanes, etc.
    ● Geotechnical survey data: faults, land slips, etc.
Visibility. . .
Site Construction
● Walls
  – Combustibility & fire rating, reinforcement for secure areas
● Doors
  – combustibility & fire rating, resistance to forced entry, emergency signage, placement, alarms, directional opening, fail safe electrical locks, glass reinforcement, CCTV & monitoring, lighting
● Ceilings
  – combustibility & fire rating, load and weight bearing rating, drop ceilings?
● Windows
  – Translucent/opaque, shatterproof?, bulletproof?, grills, alarms, placement, accessibility
Site Construction (cont)
● Flooring
  – combustibility & fire rating, load and weight bearing rating, raised flooring, conductivity, zinc whiskers
● Roof access
  – Outside ladders and fire escapes, helipad?
Power Supply Threats
● Complete power loss
  – Blackout: complete loss of power
  – Fault: momentary loss of power
● Power degradation
  – Brownout
    ● voltage drop, usually due to excessive demand (e.g. summer A/C)
  – Sag/dip
    ● At most a few seconds of low voltage, usually due to inrush current of nearby equipment
  – Surge
    ● Sudden rise in voltage, caused by switching transients, generators coming on line, lightning strikes
Power Supply Threats (cont)
● Power degradation (cont)
  – Transient
    ● Noise spike, very short duration
● Other terms
  – Inrush current
    ● Large starting current drawn by electric motors, power supply capacitors on start up
  – Electrostatic discharge
    ● discharge of static electricity
      – nothing to do with power
  – Interference (EMI/RFI)
    ● current changes in cables cause an induced magnetic field, which in turn generates a voltage in nearby cables
      – Affects network, comms, etc.
    ● Radiated by power lines, fluorescent lights, computers, monitors (Van Eck radiation)
Water / Plumbing
● Broken pipes (main & fire-suppression)
● Faulty HVAC
  – especially evaporative coolers & condensers
    ● can also cause condensation problems
  – High humidity can also lead to mold & mildew
● Do not locate equipment rooms beneath washrooms, showers, pools, etc.
HVAC (&R)
● Heating, Ventilation, Air Conditioning (& Refrigeration)
● Manage temperature, humidity, air quality
● Can it be interfered with, locally or remotely?
  – Some systems have network connections
● Positive pressurization
  – airflow is out of the controlled area
    ● Keeps out dust and contaminants
  – Risk:
    ● bio/chemical agents could be introduced if air inlets are accessible
  – Roof design
Internal Sensitive Areas
● Some areas need additional protection
  – Data centre / server room
  – Network / comms closets
  – PABX room
  – R & D labs, etc.
  – Process control rooms
  – Reception
    ● May require duress alarm
Portable Computing / Telecommuting
● Physical risks:
  – Loss or theft of equipment
  – Loss of work records
  – Subsequent compromise to confidentiality
Security Technology and Tools
Layered Defence
● Already mentioned, but bears repeating
● Multiple types of controls
  – Avoid common mode failures
● Example:
  – Perimeter fencing
  – Entry doors (locked at night)
  – Card access controls on lift
  – Card locks on office doors
  – Locked drawers, cabinets and safes
Perimeter & Grounds Protection
Fences
● Chain-link should be 5cm x 5cm, 9 gauge wire, taut & securely fastened to steel or concrete posts with concrete footings & sited appropriately
● Secured top & bottom
● Recommended height:
  – 1 meter: deters casual trespassers
  – 2 meters: too high to climb easily
  – 2.4 meters with top guard: deters determined intruder
● Checked & repaired regularly
● Cleared of vegetation and other cover
● Under CCTV coverage
Gates
● Types
  – Barrier arm (manual or automatic)
  – Vertical pivot gates
  – Horizontal slide gates
  – Horizontal swing gates
  – Vertical lift gates
  – Overhead pivot gates
● Automatic gates must sense entrapment and release within a few seconds to avoid injury
● Tailgating
  – Gates should open & close quickly
● Bollards
  – protect pedestrian areas
  – protect entrances against ram raids
    ● may be lighted and used in CPTED
Vehicular Gates
● Class I: residential gates
● Class II: commercial, e.g. garage or parking lot
● Class III: industrial, limited access, e.g. warehouses, loading dock
● Class IV: Restricted access operation that requires supervision by security personnel, e.g. airport movement areas, prisons
Fences and Gates Together!
Perimeter Lighting
● 2 foot-candles, measured 8’ above ground
● Continuous lighting
  – Glare projection lighting
    ● flood lights point outwards – keeps guard in comparative darkness
  – Controlled lighting
    ● lighted area around perimeter
● Trip lighting
  – Sensor-activated
● Standby lighting
  – Turned on as required – create impression of activity
  – Do not use gas-discharge for standby lighting
● Emergency lighting
  – Battery or generator powered
Perimeter Intrusion Detection Systems
● Along the perimeter and on buildings
● Electro-mechanical systems
  – on gates, fences, etc.
● Coaxial strain-sensitive cable
  – Woven through fence
● Proximity detectors
● Time-domain reflectometer systems
● Seismic detectors
● Vibration detectors
● Video motion detectors
● Intrusion detectors (light beam interruption)
● All prone to false alarms
  – Expensive to install & monitor
CCTV
● Cabled to a central monitoring facility
  – Old-style: coax plus multiplexers
  – Current: Ethernet (often PoE)
● May display multiple scenes on one screen or multiple screens, or cycle
● Capability levels:
  – Detection: Can detect an object
  – Recognition: Can determine the type of object
  – Identification: Can determine details of the object
CCTV Components
● Camera
  – Usually CCD (charge coupled device) or CMOS sensors
    ● Older systems used vidicon tubes
    ● CCDs use global shutters, but output image one pixel at a time via image processor
    ● CMOS uses rolling shutter, but processes entire image at once
      – Some distortion or artifacts, but higher resolution
  – May be colour, some infra-red (with illuminator)
● Lens:
  – Consider field of view & depth of field
    ● Zoom – most useful with pan & tilt
  – Focal length – manual, motorized, motorized with auto-iris (especially outdoors, where light will vary)
    ● Iris can be fixed in areas of constant illumination
Cameras and Lighting
● Light and camera sensitivity are measured in lux (S.I.) or foot-candles (imperial)
  – Perimeter lighting should provide 2 foot-candles, measured at 8 ft above the ground
● Light directed at camera = ambient illumination x %age reflectivity of scene
● Lights should never point at cameras
  – Mount cameras above and behind lights
CCTV Components (cont)
● Transmission media
  – Dedicated coax
    ● Common, inexpensive, outdated
  – Fibre
    ● Best for long distances, exposure to lightning
  – Ethernet
    ● For webcams (e.g. Axis)
  – Wireless 802.11
    ● Now you have to secure it!
CCTV Components (cont)
● Monitors
  – Usually small-screen, suitable for desk or shelf mounting
  – Increasingly, LCD displays
  – Associated gear:
    ● Pan & tilt controls
    ● Switches and multiplexers
    ● Infrared illuminators
    ● Time/date generators
    ● Video tape recorders
      – Manage tape rotation and testing
    ● Digital video recorders
    ● Motion detectors, coupled to system
Building Materials (External)
● Light frame (e.g. houses): fire survival 30 mins
● Heavy timber – minimum thickness 4": fire survival one hour
● Incombustible: steel construction, will buckle and fail at high temperatures
● Fire resistant: Structural elements are incombustible and encased in (e.g.) concrete for insulation
Doors
● Construction:
  – Hollow-core is easily forced
  – Solid-core is better for secure areas
● Issues:
  – Hinge and strike plates should be firmly secured
  – Frames are often a weak point and should be inspected
  – Emergency panic bars
    ● may be alarmed
  – Alarm sensors
    ● Often reed switches
  – Mantraps
    ● Two controlled doors, only one opens at a time
      – Used to constrain intruders while security personnel investigate
      – May weigh people to stop tailgating, or detect objects being
Windows
● Materials
  – Plate glass
  – Tempered glass
    ● 5 – 7 times more impact-resistant than plate
  – Laminated glass
  – Acrylics
    ● Tougher still, but burn, producing toxins
    ● Turn opaque due to ultraviolet exposure
  – Polycarbonates
    ● 20 x tougher than acrylics
  – Glass-clad polycarbonates
    ● resist abrasion, chemicals, fires, projectiles
      – but expensive
● For general use, shatter-resistant laminated glass in fixed frames
Other Controls for Glass
● Wired glass
● Solar window films
● Window security film
  – DIY lamination product, use on plate & tempered glass windows
● Glass breakage sensors
Locks
● Not invulnerable
  – Can be picked using a tension wrench and pick, or raked or bumped
● Types of locks
  – Key locks
    ● Warded lock
    ● Pin tumbler locks
    ● Wafer or disc tumbler locks
    ● Interchangeable-core locks
  – Combination locks
  – Electronic combination locks
  – Deadbolt locks (unsprung latch)
  – Keyless locks
    ● Cipher locks (digital push-button locks)
  – Smart locks
A Pin Tumbler Lock Mechanism
Key Control Procedures
● Key Management Policy is administered and maintained by the Key Control Authority
● Procedures for key
  – Identification
  – Issue and sign-out
  – Inventory
  – Return
  – Destruction
  – Dealing with non-returned and lost keys
● Remember – keys can be copied
See http://www.medeco.com/Other/Medeco/support/Medeco_Key_Control_Policy_Guide.pdf
Master Key Systems
● Master key opens all locks
● Each lock has its own unique keys
● Must be planned
  – Controls on access to master and sub-master keys
  – Not used on perimeter doors
  – Not used on restricted access areas
  – Utility rooms may be keyed alike in groups
Security Guards
● Often in a guard station behind reception
  – Monitor entrance/exit, cameras, screen package deliveries, etc.
  – Issue/retrieve badges
  – Secure mobile phones, cameras for visitors
● Considerations
  – Direct hire vs contracted
    ● if contracted, pre-employment screening
  – Armed?
  – Licensed?
  – Special training
Power Controls
● Surge suppressors
● Noise filters/suppressors
● UPS
  – Allows equipment to fail soft
  – Make sure adjacent switches etc. are powered
  – Inverter UPS also protects against surges, brownouts, etc.
● Generator
  – Necessary to bridge extended outages
  – Useful for essential services
    ● PABX, emergency lighting, HVAC
● Maintenance issues
● UPS battery replacement and disposal
● Generator fuel additives and regular runs
Good Practices
● Both primary and alternate power sources
  – From two different substations
● Access controls on distribution panels, etc.
● Emergency Power Off switch
  – (With molly-guard)
  – Especially useful in hardware support areas
● Power line monitor / logging voltmeter
● Test UPS installations (including software configuration) for graceful shutdown
● Staggered power-up, especially after outage
● Shielding on long cable runs
Other Utilities Controls
● Water
  – Keep equipment away from water-prone areas
  – Check for pipes under raised floors
  – Emergency shut-off valves
● Gas lines
  – Locate and test incoming shut off valves
    ● Clearly mark and secure
  – Locate any shut-off valves in the building
  – Document locations and notify fire department
Fire Protection
● Fire prevention
  – Building materials
  – Separation of combustible materials (e.g. paper, shredded waste) from ignition sources
  – Floor-to-ceiling walls
  – Fireproof storage for media
  – Fire-prevention training
● Fire detection
  – Ionization-type smoke detectors
    ● Detect difference between a sealed chamber and one open to smoke particles
  – Photoelectric smoke detectors
    ● VESDA (aspirating smoke detectors)
  – Heat detectors
Fire Suppression
● Fire Classes
  – A – common combustibles (wood, paper, laminate)
    ● Suppressants: water, soda acid
  – B – Liquids (petroleum products, coolants)
    ● Suppressants: gas (Halon substitutes), CO2, soda acid
  – C – Electrical
    ● Suppressants: gas (Halon substitutes), CO2
  – D – Combustible metals
    ● Suppressants: Dry powder
Portable Extinguishers
● Type ABC
● Primary purpose: provide an escape route
● Can be used against small fires
  – by trained personnel
  – after others have evacuated
Fire Extinguishing Systems
● CO2
  – Works by displacing oxygen
    ● Not safe for people
    ● Use for unattended facilities, or have a time delay before use
● Halon
  – Interferes with oxidation reaction
  – No longer produced, following Montreal Protocol agreement on production of CFCs
    ● Approved replacements: FM-200, NAF-S-III, CEA-410, FE-13, water, Inergen, Argon, Argonite
● Fog/Mist Systems
  – Pioneered for machine rooms, ship engine rooms
  – Specialised installations for data center racks
    ● Finely vaporized water drawn through racks
Fire Extinguishing Systems (cont)
● Water Sprinklers
  – Wet pipe systems
    ● Always contain water under pressure, released when a link melts
      – Also called closed-head systems
  – Dry-pipe systems
    ● Water is held back by a valve until a specific temperature is reached
      – Delay is good in false alarms, bad for real events
      – Better for cold climates as water does not freeze and burst links
  – Preaction systems
    ● Combination of above
      – both valve and links
    ● Used around expensive equipment to avoid water damage
  – Deluge systems
    ● Dry pipe system with open sprinkler heads to release a
Other Fire Concerns
● Activation of a fire suppression system or fire alarm should automatically shut down HVAC to deny the fire oxygen and not distribute retardant through the system to where it is not needed
● If possible, shut off equipment before activating fire suppression (especially water)
Building Intrusion Detection Systems
● Basic mechanisms
  – Breaking/making a circuit (reed switch)
  – Interrupting a light beam
  – Passive infrared detectors (PIRs)
  – Detecting sound (sensitive microphones)
  – Detecting vibration
  – Motion detectors
    ● Ultrasonic
    ● Microwave
      – Can penetrate thin walls
      – Less problem with air currents
  – Electrostatic field sensors
● Control unit location
  – back-to-base feature on phone line
Data Centre / Server Rooms
● Access Control
  – Equipment locks
    ● on servers, rack enclosures, drives, etc.
  – Access control by badge, smart card or biometrics
  – Alarm doors / area outside working hours
  – Sign-in for visitors, CCTV at door
  – Access control policies for daytime, after-hours and emergencies
  – Strict key control, lock combinations changed regularly
Data Centre / Server Rooms
● Walls
  – Construct room as a single unit, not adjacent to external walls
  – Walls must be full height (slab-to-slab) so intruders and fire cannot move through ceiling space
  – Glass may or may not be appropriate
    ● shatter-resistant if used
● Doors
  – Solid-core, open inwards, minimum 3 hinges per door
● Location
  – Centrally-located in building
    ● Away from external walls and windows
    ● Away from water pipes, etc.
Data Centre / Server Rooms
● HVAC
  – Separate from rest of building, positive pressure
  – Ducts and vents too small for an intruder, or otherwise secured (barred)
  – Optimal temperature 70 – 74 deg F (21 – 23 deg C)
  – Humidity 40 – 60 %
● Power
  – UPS or generator
    ● test regularly
  – Separate supply facilities
  – Closets, cables and wiring secured
  – Emergency lighting
  – Emergency power-off switch in a case near exits
Data Centre / Server Rooms
● Fire suppression
  – Portable extinguishers at exits and near equipment
  – FM-200 or similar for larger installations
  – Fire detection
● Raised floor
  – Water sensors and fire detection underneath
  – Zinc whiskers
    ● Grown on underside of old zinc-electroplated steel tiles
    ● Can cause shorts – often intermittent
      – Short ‘zaps’ the whisker; board removal dislodges them
● Documented and tested emergency plans
Portable Device Security
● Controls
  – Docking station locks
  – Anchor cables (Kensington, etc.)
  – RFID tags
  – 'Phone-home' locator software
  – Boot & HD passwords
  – Encrypted filesystems
    ● BitLocker, GuardianEdge, PointSec, PGP, VeraCrypt
  – Awareness
    ● Never leave unattended
    ● Nondescript bags
    ● Never send notebooks as checked baggage
    ● Extra caution at airport security screening
    ● Turn screen away from casual view
    ● Windows “offline files” or regular backups
Object Protection
● Lockable desks, cupboards, safes
  – Fire-resistant
    ● Most “anti fire & theft” safes are rated for one hour at up to 1700°F (927°C) but not suitable for magnetic and optical media
  – Theft-resistant
    ● Securely anchored or built-in
  – In a visible location
  – Change combinations frequently
  – Relocking devices
● Clean desk policy
Assurance, Trust & Confidence Mechanisms
● Drills, exercises and tests
  – e.g. fire drills
● Vulnerability / Penetration tests
● Checklists
● Maintenance and service
Test Time!